Hi,
Spring Security makes the authentication process in SmartGwt extremely powerful and convenient, which is brilliant, but I have a slight problem here.
In my application, the client side needs to obtain the logged-in user's information in order to create the GUI and determine what to show and what to do based on the user's role attribute. My application generally has 5 main classes for different pages/functionalities. In every class, there are a couple of lines of code to asynchronously retrieve the user information stored in the current session, and then use this info to establish/show certain views of the GUI accordingly.
With Spring Security, when the session has timed out, or the user is trying to access a protected resource, a popup window is displayed to prompt the user to log in. If the login succeeds, the RPCManager resends the transaction, hence the user action is continued seamlessly.
Here's the scenario:
1. User DAVID logs in, opens up the search page (the login user info for DAVID is loaded to the client side), and leaves the computer.
2. 30 minutes later, user JOHN comes to the computer and clicks on the 'Search' button. Because the session has timed out, JOHN is prompted to log in again. He uses his username to log in successfully.
3. Now, the client-side login user info contains the details of DAVID, but the current logged-in user is JOHN. If these two users have different access levels, and different views are displayed for each of them, then JOHN is going to see DAVID's page, which is wrong.
I'm thinking of refreshing the whole page every time a user logs in, but this way the benefits of 'Resent Transaction' will no longer be available.
Any ideas about this? Thank you!
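
One way to keep the resend for a returning user while handling the DAVID/JOHN case above, as an added example that is not part of the original post: compare the identity the GUI was built for with the identity fetched from the server after the relogin succeeds, and resend only when they match. `ReloginGuard` and its `Actions` hooks are hypothetical names, and wiring them to the RPCManager resend and a page reload is assumed.

```java
import java.util.Arrays;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;

/** Added example: decides what to do after the relogin popup succeeds. */
public class ReloginGuard {
    /** Hypothetical hooks; in the application they would wrap the transaction resend and a page reload. */
    public interface Actions {
        void resendTransaction();
        void discardAndReload();
    }

    private final String cachedUser;        // user the current GUI was built for
    private final Set<String> cachedRoles;  // roles the current views were chosen from
    private final Actions actions;

    public ReloginGuard(String user, Set<String> roles, Actions actions) {
        this.cachedUser = Objects.requireNonNull(user);
        this.cachedRoles = new TreeSet<>(roles);
        this.actions = Objects.requireNonNull(actions);
    }

    /** Call with the identity freshly fetched from the server after relogin; returns true if resent. */
    public boolean onReloginSuccess(String user, Set<String> roles) {
        // A different user, changed roles, or a missing answer all invalidate the cached GUI.
        boolean same = cachedUser.equals(user) && roles != null && cachedRoles.equals(new TreeSet<>(roles));
        if (same) {
            actions.resendTransaction();   // same person came back: continue seamlessly
        } else {
            actions.discardAndReload();    // drop the queued request and rebuild the GUI
        }
        return same;
    }

    public static void main(String[] args) {
        Actions log = new Actions() {
            public void resendTransaction() { System.out.println("resend queued transaction"); }
            public void discardAndReload() { System.out.println("discard transaction, reload page"); }
        };
        // Constructed sample identities.
        Set<String> admin = new TreeSet<>(Arrays.asList("ROLE_USER", "ROLE_ADMIN"));
        Set<String> basic = new TreeSet<>(Arrays.asList("ROLE_USER"));
        ReloginGuard guard = new ReloginGuard("david", admin, log);
        guard.onReloginSuccess("david", admin);  // same user, same roles: resend
        guard.onReloginSuccess("john", basic);   // different user: reload
        guard.onReloginSuccess("david", basic);  // same user, roles changed: reload
    }
}
```

The client-side comparison only decides what the GUI shows; the server still has to authorize every resent request against the new session.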